Adds user_group option under haproxy_amphora

This fix adds the user_group configuration option under the haproxy_amphora section, which is currently available in the neutron-lbaas code base. The incentive for the above-mentioned addition is that in CentOS, Fedora and RHEL based amphora images, the 'nogroup' user group does not exist by default. Therefore users who wish to use those type of amphora images should have the option to configure a different user group such as 'haproxy'. The default value for user group is 'nogroup' so the default behavior remains intact. Related-Bug #1548070 Change-Id: Ifac59889fa8120d974840bae2913587292f474c1
2016-12-29 13:39:18 +02:00 · 2016-12-29 13:39:18 +02:00 · e75c8ecc09
parent 1aedd8a0f5
commit e75c8ecc09
6 changed files with 17 additions and 5 deletions
--- a/etc/octavia.conf
+++ b/etc/octavia.conf
@ -116,6 +116,7 @@
 # haproxy_template =
 # connection_max_retries = 300
 # connection_retry_interval = 5
+# user_group = nogroup

 # Maximum number of entries that can fit in the stick table.
 # The size supports "k", "m", "g" suffixes.
--- a/octavia/amphorae/backends/agent/agent_jinja_cfg.py
+++ b/octavia/amphorae/backends/agent/agent_jinja_cfg.py
@ -49,6 +49,7 @@ class AgentJinjaTemplater(object):
             'base_path': CONF.haproxy_amphora.base_path,
             'bind_host': CONF.haproxy_amphora.bind_host,
             'bind_port': CONF.haproxy_amphora.bind_port,
+             'user_group': CONF.haproxy_amphora.user_group,
             'controller_list': CONF.health_manager.controller_ip_port_list,
             'debug': CONF.debug,
             'haproxy_cmd': CONF.haproxy_amphora.haproxy_cmd,
--- a/octavia/amphorae/backends/agent/templates/amphora_agent_conf.template
+++ b/octavia/amphorae/backends/agent/templates/amphora_agent_conf.template
@ -24,6 +24,7 @@ haproxy_cmd = {{ haproxy_cmd }}
 respawn_count = {{ respawn_count }}
 respawn_interval = {{ respawn_interval }}
 use_upstart = {{ use_upstart }}
+user_group = {{ user_group }}

 [health_manager]
 controller_ip_port_list = {{ controller_list|join(', ') }}
--- a/octavia/amphorae/drivers/haproxy/rest_api_driver.py
+++ b/octavia/amphorae/drivers/haproxy/rest_api_driver.py
@ -70,9 +70,11 @@ class HaproxyAmphoraLoadBalancerDriver(
        for amp in listener.load_balancer.amphorae:
            if amp.status != consts.DELETED:
                # Generate HaProxy configuration from listener object
-                config = self.jinja.build_config(amp,
-                                                 listener,
-                                                 certs['tls_cert'])
+                config = self.jinja.build_config(
+                    host_amphora=amp,
+                    listener=listener,
+                    tls_cert=certs['tls_cert'],
+                    user_group=CONF.haproxy_amphora.user_group)
                self.client.upload_config(amp, listener.id, config)
                self.client.reload_listener(amp, listener.id)

--- a/octavia/common/config.py
+++ b/octavia/common/config.py
@ -162,6 +162,10 @@ haproxy_amphora_opts = [
               default=5,
               help=_('Retry timeout between connection attempts in '
                      'seconds.')),
+    cfg.StrOpt('user_group',
+               default='nogroup',
+               help=_('The user group for haproxy to run under inside the '
+                      'amphora.')),
    cfg.StrOpt('haproxy_stick_size', default='10k',
               help=_('Size of the HAProxy stick table. Accepts k, m, g '
                      'suffixes.  Example: 10k')),
--- a/octavia/tests/unit/amphorae/backends/agent/test_agent_jinja_cfg.py
+++ b/octavia/tests/unit/amphorae/backends/agent/test_agent_jinja_cfg.py
@ -37,6 +37,7 @@ class AgentJinjaTestCase(base.TestCase):
        self.conf.config(group="haproxy_amphora",
                         base_cert_dir='/var/lib/octavia/certs')
        self.conf.config(group="haproxy_amphora", use_upstart='True')
+        self.conf.config(group="haproxy_amphora", user_group='nogroup')
        self.conf.config(group="haproxy_amphora", base_path='/var/lib/octavia')
        self.conf.config(group="haproxy_amphora", bind_host='0.0.0.0')
        self.conf.config(group="haproxy_amphora", bind_port=9443)
@ -64,7 +65,8 @@ class AgentJinjaTestCase(base.TestCase):
                           'haproxy_cmd = /usr/sbin/haproxy\n'
                           'respawn_count = 2\n'
                           'respawn_interval = 2\n'
-                           'use_upstart = True\n\n'
+                           'use_upstart = True\n'
+                           'user_group = nogroup\n\n'
                           '[health_manager]\n'
                           'controller_ip_port_list = 192.0.2.10:5555\n'
                           'heartbeat_interval = 10\n'
@ -96,7 +98,8 @@ class AgentJinjaTestCase(base.TestCase):
                           'haproxy_cmd = /usr/sbin/haproxy\n'
                           'respawn_count = 2\n'
                           'respawn_interval = 2\n'
-                           'use_upstart = False\n\n'
+                           'use_upstart = False\n'
+                           'user_group = nogroup\n\n'
                           '[health_manager]\n'
                           'controller_ip_port_list = 192.0.2.10:5555\n'
                           'heartbeat_interval = 10\n'